Commit message | Author | Age
* Use Doxygen to generate the API documentation. [add/doxygen-gen] | lns | 2022-05-29
    * Integrated Doxygen documentation into Sphinx
    Signed-off-by: lns <matzeton@googlemail.com>
* Fixed HTTP lower/upper protocol mess for Aimini/IPP. (#1557) | Toni | 2022-05-28
    * If HTTP was already detected, there is no need to overwrite the detection again
    Signed-off-by: lns <matzeton@googlemail.com>
* Compilation fixes for old gcc compiler | Luca Deri | 2022-05-28
* Compilation fixes | Luca Deri | 2022-05-27
* Version cut fix | Luca Deri | 2022-05-27
* Fixes compilation issues on RedHat systems | Luca Deri | 2022-05-26
* Sync unit test results (#1554) | Ivan Nardi | 2022-05-26
* Updated SkypeCall -> Skype_TeamsCall | Luca Deri | 2022-05-26
* Fixed false positives with NATS | Luca Deri | 2022-05-26
* Added script to compare and verify the output of `make dist'. (#1551) | Toni | 2022-05-26
    This fixes some build/test issues resulting when using tarballs.
    * nDPI uses autotools (especially autoconf) in a wrong way, see #1163
    Signed-off-by: lns <matzeton@googlemail.com>
* Replaced obsolete autoconf macros. (#1553) | Toni | 2022-05-26
    Signed-off-by: lns <matzeton@googlemail.com>
* Fixed windows-latest build error. (#1552) | Toni | 2022-05-26
    * The warning itself looks like a bug
    Signed-off-by: lns <matzeton@googlemail.com>
* Improved invalid host detection | Luca Deri | 2022-05-24
* Added invalid SNI check in QUIC | Luca Deri | 2022-05-24
* Improved detection of invalid SNI and hostnames in TLS, HTTP | Luca Deri | 2022-05-24
* Added room for storing information used by custom third-party dissectors | Luca Deri | 2022-05-19
* Moved RTSP http patterns to the protocol source file. | lns | 2022-05-19
    Signed-off-by: lns <matzeton@googlemail.com>
* Yet another approach to fix #1499 (basically a copy&pasta from @socketpair). | Toni Uhlig | 2022-05-16
    * Related to #1545, #1494 and #1189 as well
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Removed MacOS XCode integration. | Toni Uhlig | 2022-05-16
    * It is outdated (from 2018) and will most likely not work anymore due to changed protocol files and outdated API usage in the example integration
    * Removal is the only option besides fixing those issues and providing a CI integration for future automatic checks
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Moved mgcp.pcapng to tests/pcap/ instead of tests/ | Toni Uhlig | 2022-05-16
    Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* DNS-over-QUIC: update default port (#1548) | Ivan Nardi | 2022-05-12
    Final RFC (https://www.rfc-editor.org/rfc/rfc9250.txt) changed the default port to 853 (from the 784 used on the early drafts).
    Since there is at least one deployed implementation still stuck at draft-02, keep also the old value, for the time being.
* Improved Viber (TCP) detection. (#1547) | Toni | 2022-05-10
    Signed-off-by: lns <matzeton@googlemail.com>
* Improved Xiaomi HTTP detection. (#1546) | Toni | 2022-05-10
    * Merged Xiaomi pcap files
    Signed-off-by: lns <matzeton@googlemail.com>
* Removed TLS patterns in the CiscoVPN aka Anyconnect dissector as mentioned in PR #1534. (#1543) | Toni | 2022-05-09
    Signed-off-by: lns <matzeton@googlemail.com>
* Added Softether(-VPN) DDNS service detection. (#1544) | Toni | 2022-05-09
    Signed-off-by: lns <matzeton@googlemail.com>
* Improved TLS alert detection. (#1542) | Toni | 2022-05-08
    Signed-off-by: lns <matzeton@googlemail.com>
* Improved TLS application data detection. (#1541) | Toni | 2022-05-08
    * #1532 did fix TLS appdata detection only partially
    * use flow->l4.tcp.tls.message.buffer_used instead of packet->payload
    Signed-off-by: lns <matzeton@googlemail.com>
* Added Edgecast and Cachefly CDNs. (#1540) | Toni | 2022-05-07
    * Improved ASN update script
    * Ran `utils/update_every_lists.sh'
    * `tests/do.sh.in' prints the amount of failed pcap(s)
    * `utils/asn_update.sh' prints the amount of failed download(s)
    Signed-off-by: lns <matzeton@googlemail.com>
* Replaced ndpiReader's libjson-c support with libnDPI's internal serialization interface. (#1535) | Toni | 2022-05-07
    * Fixes #1528
    * Serialization Interface should also be fuzzed
    * libjson-c may only be used in the unit test to verify the internal serialization interface
    * Serialization Interface supports tlv(broken), csv and json
    * Unit test does work again and requires libjson-c
    Signed-off-by: lns <matzeton@googlemail.com>
* Fix compilation (if `--enable-debug-messages` is used) (#1539) | Ivan Nardi | 2022-05-04
* Added extra check to make sure that the guessed protocol is the one we expect and not another one | Luca Deri | 2022-05-04
* Fixes bug that prevents triggering alerts for traffic on non-standard ports that have been defined in the custom protocols file | Luca Deri | 2022-05-04
    Fixes https://github.com/ntop/ntopng/issues/6458
* Fixes outdated description | Luca Deri | 2022-05-04
* Modified risk labels | Luca Deri | 2022-05-04
* Added some Pluralsight Hostnames/SNIs. May fix #1501. (#1538) | Toni | 2022-05-03
    Signed-off-by: lns <matzeton@googlemail.com>
* Updated RRD dependencies | Luca Deri | 2022-05-03
* Improved suspicious http user agent detection. (#1537) | Toni | 2022-05-02
    Signed-off-by: lns <matzeton@googlemail.com>
* Added ndpi_get_flow_error_code() API call | Luca Deri | 2022-05-02
    Fixed typo
* Improved AES-NI check. (#1536) | Toni | 2022-04-30
    * A library should not open a subshell
    Signed-off-by: lns <matzeton@googlemail.com>
* Improved AES-NI check on Linux to avoid crashes on CPUs that do | Luca Deri | 2022-04-29
    not support it (e.g. Intel Celeron N2930)
* Sync unit tests results (#1533) | Ivan Nardi | 2022-04-27
* Improved TLS application data detection. (#1532) | Toni | 2022-04-27
    Signed-off-by: lns <matzeton@googlemail.com>
* Added BPF filtering for discarding non-IP packets | Luca Deri | 2022-04-27
* String messages have been shrunk | Luca Deri | 2022-04-27
* Added ability to store custom category file in patricia tree | Luca Deri | 2022-04-26
* Add ndpi_json_string_escape to the API | Alfredo Cardigliano | 2022-04-26
* Raknet: fix heap-buffer-overflow (#1531) | Ivan Nardi | 2022-04-25
    ```
    ==120637==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000488 at pc 0x55a0598d97ec bp 0x7ffcfe13f2e0 sp 0x7ffcfe13f2d8
    READ of size 2 at 0x606000000488 thread T0
        #0 0x55a0598d97eb in ndpi_search_raknet /home/ivan/svnrepos/nDPI/src/lib/protocols/raknet.c:152:38
        #1 0x55a05966c48e in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5060:6
        #2 0x55a05966e428 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5119:10
        #3 0x55a05966dddc in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5152:12
        #4 0x55a05967fa7a in ndpi_detection_process_packet /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:5971:15
        #5 0x55a05962b860 in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:24:3
        #6 0x55a05962bd9b in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:84:17
        #7 0x7f4aad7d80b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
        #8 0x55a05956b46d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x5d746d) (BuildId: 9429d3d08edc3836e5536f93c07f140716d8b82e)

    0x606000000488 is located 9 bytes to the right of 63-byte region [0x606000000440,0x60600000047f)
    allocated by thread T0 here:
        #0 0x55a0595ee80e in malloc (/home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet_with_main+0x65a80e) (BuildId: 9429d3d08edc3836e5536f93c07f140716d8b82e)
        #1 0x55a05962bd06 in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_process_packet.c:70:17
        #2 0x7f4aad7d80b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    ```
    Found by oss-fuzz
    See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47000
* Added generic user agent setter. (#1530) | Toni | 2022-04-25
    * ndpiReader: Print user agent if one was set and not just for certain protocols.
    Signed-off-by: lns <matzeton@googlemail.com>
* XIAOMI: add detection of Xiaomi traffic (#1529) | Ivan Nardi | 2022-04-25
    Most of the credits should go to @utoni (see #1521)
* Added RakNet protocol dissector. (#1527) | Toni | 2022-04-24
    * Frame Set PDU's do not get fully dissected for the sake of simplicity
    Signed-off-by: lns <matzeton@googlemail.com>